A crisis management plan is key to preventing corporate pain
If a crisis is ‘an abrupt and brutal audit’, as one pundit put it, then crisis management needs to be an unassailable and failsafe response to that audit. So writing a crisis management plan requires assiduous attention to detail and understanding of which crises are likely to assail travellers in any given destination, all the while keeping a weather eye on reputation management.
A terrorist attack is not the only potential disaster that needs to be in the plan. A crisis could occur in the form of a cyber attack, an epidemic, extreme weather and much more. BBT asked four experts how a crisis management plan should be crafted and, although views vary as to who should write the plan, all parties emphasise that it must be tested. Get it right and you are well prepared.
The Buyer – Ruediger Bruss, corporate purchasing, global category manager travel & mobility, Continental Teves
I would involve someone from the internal security department or a security company, plus our leadership and HR. Knowing your company and where people go is important, as is the ability to go through data to find out. Before going to the leadership team, take legal advice – either internally or externally – because it might be necessary to educate them about what the legal requirements are.
The outcome should always be the same: to get people home safely. We just had a storm in northern Germany and there were no trains running. A lot of people from our HQ in Hanover are based in Regensburg, Bavaria, and in Frankfurt. We needed to contact them and put them all on a bus home. For safety reasons, we didn’t want people hitchhiking home nor did we want to have to meet the cost of 50 people renting cars. People always think a crisis is a dramatic incident, but mostly it is just weather and what that entails.
The resources for implementing the plan are the standard set of actors: the TMC, security company or internal department, travel manager and HR. Depending on the severity of the incident, you might need additional people on the ground in the country where the event is happening. And if managing the crisis is expensive, you need someone from the leadership team on board, too. Another reason for keeping the leadership team involved is that they might be asked by members of the press to comment. They should know what to say to protect the organisation’s reputation.
These plans don’t need to be circulated widely. It is important that the key stakeholders know what to do; they need to know the plan by heart. They can inform people that are not aware of the intricacies in a timely manner.
Much more important is doing a dry run. Test how the plan would work with one of the key players, say head of security, on vacation. If you really have to get those people together, can you find information, contact employees. That way, you have experience of how to deal with a complex and difficult situation.
Once you have done something small or large, communicate that to your leadership team and also to employees via a post in the company’s social media or newsletter. It doesn’t have to be a huge, dramatic message: ‘You might have read in the news that we had employees there and this is what we did. We can only save you when you follow processes and book through our tools, use our TMC.’ Such messages not only reinforce that the company cares for its employees, they also educate them that there are reasons why you ask them to use the tools you have.
The TMC – Wayne Durkin, head of sales and account management, Good Travel Management
It is important to involve key stakeholders: HR, operations team, management team, senior leadership team and, most importantly, travellers. It is about identifying potential scenarios, making sure that you have a clearly thought-out plan so you can identify travellers that are at risk, how you communicate with them, get them to safe havens, arrange for travel back to their country and also stop any travellers that are going to those regions. A TMC has access to key information and will be able to identify who is travelling where.
Have someone who is the lynchpin, so they take responsibility instantly, plus a nominated deputy in case of absence, and then identify the key players who are enacting the plan.
Agree the desired outcome for each scenario. If anybody has been impacted, then work with the authorities to make sure they are supported and if you are working with a risk management company, engage with them.
Make sure people read and sign the plan as part of the induction process so that they understand what it is and what is expected of them. Video training can cover off scenarios and how to react, and quizzes will make sure they have the right level of knowledge and understanding.
A dry run is essential. Run through the plan for an event, making sure you haven’t got any gaps – how you identify whom you communicate with in the TMC, how you identify who’s at risk and what the timescales are. Then you can gauge what would happen in potential scenarios. Identify any flaws in the process and make sure they are addressed. Any gap could have a significant impact on the end result and employees’ lives are potentially at risk if you make the wrong decision.
The Corporate Security Manager – Jason Keen, senior manager, regional security EMEA/APAC, Citrix
We will deal with external partners; international risk management companies can be a great resource and give you a global benchmark for the threat picture, but a multi-source approach, although more time-consuming, gives you a bespoke product. This allows you to discover and highlight the most likely and most dangerous threats that travellers may face. We would always highlight how each threat can be mitigated and what the cost may be. That way, we allow travellers to make their own decision about whether or not they travel.
Security can be seen as a shackle that is preventing people from doing things but security is all about enablement – enabling travellers to go about their business safely and securely, so that they feel safe. A successful business trip is one you go home from.
The specialist – Alex Martin, director for crisis and security consultancy, Control Risks
The crisis management team owns the plan and the whole team is responsible for ensuring it is fit for purpose because they fall back on it in a crisis. A plan is never finished, and every post-crisis review might result in changes to ensure better performance next time. Underneath the crisis management plan will be appendices that relate to crisis types the company may be exposed to: evacuation, pandemic, kidnap, cyber attack, corruption and fraud.
Crisis planning should exist at every level of the organisation: corporate, divisional, geographical, regional and site. Everybody has a role to play in a crisis, and planning and preparation go down to the lowest level, so that individuals know what their role is.
The structure boils down to Report, Assess, Convene, Execute, Recover (RACER). How are crises reported within the organisation? How is the crisis defined – site, regional or corporate level? And you need an agenda to follow: objectives, roles and responsibilities. Have we got the right people in the room? Who’s responsible for what? Facts and assumptions – what do we know and what do we think has occurred? What does ‘fixed’ look like?
If it is not clear, concise, communicated and trained for, a crisis management plan is limited.